TMS zl Management and Configuration Guide ST.1.0.090213
4-78
Firewall
Application-Level Gateways
ike
Some IKE applications expect the peers to always use source port UDP 500.
If a NAT device is present at the peer end, this does not work, because the
NAT device translates traffic coming from one of the internal devices inside
the private network.
The IKE ALG ensures that only one IKE session is in negotiation at one time,
thereby allowing the internal device to use UDP 500.
ils, ils2
The ILS ALGs process Lightweight Directory Access Protocol (LDAP) packets
that are used to communicate with ILS servers. They process only packets
with request type ADD, which contain the ASN.1-encoded source IP address
of the internal system that contacts the ILS server. They also replace the
private IP address with the NAT IP and translate it back to ASN.1.
ILS registers for TCP 389 and ILS2 registers for TCP 1002.
Limitations. In many-to-one NAT, support is provided for only one machine
to register with the ILS server.
irc
Internet Relay Chat (IRC) is a chat system that enables people who are
connected from anywhere on the Internet to join in live discussions. The IRC
ALG:
■ interprets the following command formats in the payloads that pass
through the control connection:
• DCC CHAT chat XYZA BC (where XYZA = IP address and BC = port number)
• DCC SCHAT chat XYZA BC
• DCC SEND F XYZA BC S (where F = filename and S = size)
• DCC MOVE F XYZA BC S
• DCC TSEND F XYZA BC S
■ extracts the IP address and port information from the control-connection
payloads and opens data associations to allow the data transfer between
the IRC clients.
■ translates the IP address and port information according to NAT policies.
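The following added example (not code from the TMS zl module) illustrates the three IRC ALG steps above on a constructed DCC payload: it parses the listed command formats, extracts the embedded IP address and port, rewrites them to the NAT address and port, and reports the data association the firewall would have to open. It assumes DCC's convention of carrying the IPv4 address as an unsigned 32-bit decimal integer; the private address 192.168.1.10, NAT address 203.0.113.5 and ports are sample values.

```python
import ipaddress

# Formats from the page: DCC CHAT|SCHAT chat <ip> <port> and
# DCC SEND|MOVE|TSEND <file> <ip> <port> <size>
DCC_CHAT_CMDS = ("CHAT", "SCHAT")
DCC_FILE_CMDS = ("SEND", "MOVE", "TSEND")

# Constructed sample (CTCP-framed with \x01): internal client 192.168.1.10
# offers a file on TCP 6000. DCC writes the IPv4 address as an unsigned 32-bit
# decimal (3232235786); that encoding is an assumption, not stated on the page.
SAMPLE = "\x01DCC SEND report.txt 3232235786 6000 1024\x01"


def parse_dcc(payload):
    """Return the DCC command, IP and port embedded in a control payload,
    or None if the payload is not one of the recognised formats."""
    tokens = payload.strip("\x01").split()
    if len(tokens) < 5 or tokens[0] != "DCC":
        return None
    cmd = tokens[1]
    if cmd in DCC_CHAT_CMDS and len(tokens) == 5 and tokens[2] == "chat":
        fields = {"cmd": cmd, "ip_raw": tokens[3], "port_raw": tokens[4]}
    elif cmd in DCC_FILE_CMDS and len(tokens) == 6 and tokens[5].isdigit():
        fields = {"cmd": cmd, "file": tokens[2], "ip_raw": tokens[3],
                  "port_raw": tokens[4], "size": int(tokens[5])}
    else:
        return None
    if not (fields["ip_raw"].isdigit() and fields["port_raw"].isdigit()):
        return None
    ip, port = int(fields["ip_raw"]), int(fields["port_raw"])
    if ip > 0xFFFFFFFF or not 1 <= port <= 65535:
        return None  # malformed address or port: open no data association
    fields["ip"], fields["port"] = str(ipaddress.IPv4Address(ip)), port
    return fields


def translate_dcc(payload, private_ip, nat_ip, nat_port):
    """Rewrite the private IP/port to the NAT IP/port; return (new_payload,
    pinhole), where pinhole is the data association the firewall must open.
    Payloads that do not carry the private address pass through unchanged."""
    dcc = parse_dcc(payload)
    if dcc is None or dcc["ip"] != private_ip:
        return payload, None
    nat_ip_raw = str(int(ipaddress.IPv4Address(nat_ip)))
    new_payload = payload.replace(
        f"{dcc['ip_raw']} {dcc['port_raw']}", f"{nat_ip_raw} {nat_port}", 1)
    pinhole = {"proto": "tcp", "public": (nat_ip, nat_port),
               "internal": (private_ip, dcc["port"]), "cmd": dcc["cmd"]}
    return new_payload, pinhole
```

The pinhole is what limits exposure: the ALG admits only the one TCP connection the client advertised, and a payload whose address or port fails validation opens nothing.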